Lucene search

K

11 matches found

CVE
CVE
added 2022/04/07 7:15 p.m.80 views

CVE-2022-0677

Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service. This issue affects: Bitdefender Update Server versions prior ...

7.5CVSS7.4AI score0.00536EPSS
CVE
CVE
added 2025/04/04 10:15 a.m.79 views

CVE-2025-2244

A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafely uses php unserialize() on user-supplied input without validation. By crafting a malicious serialized payload, an attacker can trigger PHP object injection, perform a file write, ...

9.8CVSS7.1AI score0.00481EPSS
CVE
CVE
added 2024/06/06 8:15 a.m.68 views

CVE-2024-4177

A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-2 that are running only on premise.

9.8CVSS8AI score0.00112EPSS
CVE
CVE
added 2022/09/05 12:15 p.m.45 views

CVE-2022-2830

Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment. This issue affects: Bitdefender GravityZone Console On-Premise versions prior to 6.29.2-1. Bitdefender GravityZone Cl...

9.8CVSS9.3AI score0.01619EPSS
CVE
CVE
added 2025/04/04 10:15 a.m.44 views

CVE-2025-2243

A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third party code. This issue af...

7.3CVSS6.7AI score0.00138EPSS
CVE
CVE
added 2021/12/16 3:15 p.m.40 views

CVE-2021-3960

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects Bitdefender GravityZone versions prior to 3.3.8.272

7.8CVSS7.5AI score0.00047EPSS
CVE
CVE
added 2024/07/31 7:15 a.m.40 views

CVE-2024-6980

A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise.

9.8CVSS6.4AI score0.00245EPSS
CVE
CVE
added 2021/10/28 2:15 p.m.34 views

CVE-2021-3823

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the UpdateServer component of Bitdefender GravityZone allows an attacker to execute arbitrary code on vulnerable instances. This issue affects: Bitdefender GravityZone versions prior to 3.3.8.249.

9.8CVSS8.6AI score0.00403EPSS
CVE
CVE
added 2021/11/24 4:15 p.m.33 views

CVE-2021-3554

Improper Access Control vulnerability in the patchesUpdate API as implemented in Bitdefender Endpoint Security Tools for Linux as a relay role allows an attacker to manipulate the remote address used for pulling patches. This issue affects: Bitdefender Endpoint Security Tools for Linux versions pri...

10CVSS9.2AI score0.00318EPSS
CVE
CVE
added 2021/12/16 3:15 p.m.32 views

CVE-2021-3959

A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions prior to 3.3.8.272

7.5CVSS7AI score0.00222EPSS
CVE
CVE
added 2018/10/30 7:29 p.m.30 views

CVE-2017-8931

Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow attackers to gain access with root privileges via unspecified vectors.

10CVSS9.4AI score0.00442EPSS